Crypto keys headache help

Greetings,

It seems that I have some problems using keys that were generated outside Xojo in order to encrypt / decrypt data.

I have a .p12 file with all the details needed. When I use the terminal and do my tests via openssl I get all the files; however, I get a BER decoding error on the Xojo side.

If I run:

openssl pkcs12 -in p12File -info

I get the following header:

MAC Iteration 100000

MAC verified OK

PKCS7 Data 

Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 50000

and below 2

-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----

and

5 x

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

So far all OK. Now, in order to extract the needed certificate and key, I use openssl again and I have the following:

Getting User Cert File:

openssl pkcs12 -in p12File -clcerts -nokeys -out Client.crt

Getting User Key File:

openssl pkcs12 -in p12File -nocerts -out Client.key

Getting CA Certs:

openssl pkcs12 -in p12File -nokeys -cacerts -out CA.crt

All good here so far. I decrypt the encrypted private key:

openssl rsa -in Client.key -out Client_decrypted.key

And once I try to use the Client.crt and Client_decrypted.key in order to encrypt and decrypt some data, I end up with the lovely

BER decode error

Can somebody clarify for me if there is a way for me to use those keys using Crypto from Xojo or not? And if yes, then how? What do I need to do in order to use it properly?

Apparently the certs are Base64 encoded, I guess, as well as the key.

Thanks in advance.

From what I see in the format of the .p12, the certs are supposedly BER. I tried Decode BER and Decode DER for the public key, but it seems that I always get that error, so maybe they need to be converted into something else. So far I did not find any solution for that, but they do work on other platforms like Java and PHP, so I guess Xojo is a little bit more special. It would be nice if compatibility were kept.

Well, if you get an error, there should be a CryptoException with a message. And note your keys MUST BE RSA, otherwise Xojo can't handle it. (Maybe a plugin can, but those may still be lacking.)

The best way would be to do it all via the terminal (shell) or Xojo, but not mix and match, since lots of errors may come from it.

You could add points to the case to add all crypto features (search in feedback).

Well, from what I understood based on the data that I get, it seems that they are using JWS and the JSON Web Token encryption and decryption functions. Assuming that Xojo does not have such capabilities in the framework, I guess this is another failure.

So I guess the next question that comes is: has anyone implemented this functionality?

I need to be able to process JWT, encrypt, decrypt.

Thanks.
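
An added example, not part of any post in this thread: a small Python check for the "BER decode error" question above, which decodes each PEM block that openssl pkcs12 writes and names the DER structure inside, so you can see what is actually being handed to a BER/DER decoder. The sample key is constructed and unusable, and which of these structures Xojo's Crypto module accepts is not stated in the thread.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """[(label, der)] per PEM block; 'Bag Attributes' text outside the armor is skipped."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_RE.findall(text)]

def read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:                 # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of data")
    return tag, pos, pos + length

SHAPES = {  # tags of the outer SEQUENCE's children -> standard structure name
    (0x30, 0x30, 0x03): "X.509 certificate", (0x30, 0x03): "SubjectPublicKeyInfo",
    (0x02, 0x30, 0x04): "PKCS#8 PrivateKeyInfo", (0x30, 0x04): "PKCS#8 EncryptedPrivateKeyInfo"}

def classify(der):
    """Name the ASN.1 structure in der from the tags of its top-level children."""
    if der[:1] != b"\x30":
        return "not DER (still PEM/Base64 text?)"
    try:
        (_, pos, end), tags = read_tlv(der, 0), []
        while pos < end:
            tag, _, pos = read_tlv(der, pos)
            tags.append(tag)
    except ValueError as exc:
        return f"malformed DER: {exc}"
    if len(tags) == 9 and set(tags) == {0x02}:
        return "PKCS#1 RSAPrivateKey"
    return SHAPES.get(tuple(tags), "unknown structure")

# Constructed sample: a toy PKCS#8 structure (not a usable key) wrapped as openssl would.
SAMPLE_DER = bytes.fromhex("301c020100300d06092a864886f70d010101050004080101010101010101")
SAMPLE_PEM = ("Bag Attributes\n    friendlyName: constructed\n-----BEGIN PRIVATE KEY-----\n"
              + base64.b64encode(SAMPLE_DER).decode() + "\n-----END PRIVATE KEY-----\n")

if __name__ == "__main__":
    for label, der in pem_blocks(SAMPLE_PEM):
        print(label, "->", classify(der))
```

Run it on the text of Client.crt and Client_decrypted.key: a result of "not DER" means the decoder is being given the Base64 text rather than the decoded bytes, and "X.509 certificate" means the file holds a whole certificate rather than a bare public key.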